Info
Content

Automatic Blocking of Codes and Cookies

Please be aware, that automatic blocking is not 100% safe! If you want to ensure compliance, you should always prefer manual blocking over automatic blocking for codes and cookies!

How Automatic Blocking works

In order to prevent the website visitor from data processing, the automatic blocking feature can automatically disable scripts and iframes that are integrated into a website. In this case, no additional adjustments of the scripts/iframes are necessary (whereas the manual blocking mechanism requires you to change the codes of the scripts and iframes).

When the page loads, the automatic blocking feature will load and check all scripts and iframes that are included in your website. It will then disable iframes and external scripts. It will also check if inline scripts try to set cookies and of so, it will also block these inline scripts. Scripts and iframes that are disabled can then be enabled by the CMP as soon as consent is given.

All disabled scripts/iframes are disabled the same way as if you would apply manual blocking to these codes. This means that you can use the same attributes and logic for these codes.

Integrating the Code for Automatic Blocking

In order to ensure that the automatic blocking can work, it is strictly necessary to install the blocking code directly after <head> in your websites source code and before any other <script ...> or <iframe ...> element. Place the following code into all sites of your website:

<!DOCTYPE html>
<html>
<head>
 <script src="https://cdn.consentmanager.mgr.consensu.org/delivery/cookieblock.min.js" data-cmp-ab="1"></script>
 ... your CMP-Code goes here ... 
  
 ...

Please note: The automatic blocking code cannot be loaded asynchronously!

Please note: The automatic blocking code cannot be loaded using a TagManager!

Configuring Automatic Blocking

In some cases it can be required to change the behavior of the automatic blocking mechanism. In order to do so, please insert the following <script> right before the automatic blocking code:

 <script data-cmp-ab="1">
  window.cmp_block_inline = true;      //blocking of inline scripts
  window.cmp_block_unkown = true;      //blocking of unknown external scripts/iframes
  window.cmp_block_sync = true;        //blocking of synchronous scripts
  window.cmp_block_img = false;        //blocking of images
  window.cmp_block_samedomain = false; //blocking of scripts/iframes/images from the same domain
 </script>

Each lines of the above script contains a setting that can be enabled/disabled. Change the seting to true or false in order to enable or disable it.

Automatic Blocking & TagManagers

In order to prevent TagManagers from being blocked by the automatic blocking, please ensure that you add the attribute data-cmp-ab="1" to the TagManager script. For example the code of the Google TagManager could look like this:

<script data-cmp-ab="1">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
        j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
        'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
    })(window,document,'script','dataLayer','GTM-ABCDEF');</script>

Excluding scripts/iframes from automatic blocking

In some cases it can be necessary to exclude a script or an iframe from automatic blocking. In order to do this, please insert the attribute data-cmp-ab="1" into the script or iframe code. Example:

<script data-cmp-ab="1" src="https://..."></script>

Limitations of Automatic Blocking

Please note that Automatic Blocking is not safe due to some technical limitations. These are:

  • Automatic blocking can only work if it is the first script in the website code. If it is installed behind/under an other script or iframe, the above script or iframe cannot be blocked before loading!
  • Automatic blocking must be installed synchronously and cannot be loaded via a TagManger!
  • Although the automatic blocking script loads synchronously as the first item in the page, modern browser try to preload other sources from third parties asynchronously. This means a browser could already send a request to a third party server while loading the automatic blocking script. In this case the third party server can already process personal data and/or set cookies that cannot be blocked by the automatic blocking feature.
  • Automatic blocking will only work with modern browsers (IE11, Edge 18, Firefox 14, Chrome 18, Opera 15, Safari 7)
Back to top